Bug 520998

Summary: pyOpenSSL using application cannot connect to the server
Product: [Fedora] Fedora Reporter: Matěj Cepl <mcepl>
Component: pyOpenSSLAssignee: Paul F. Johnson <paul>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: jwboyer, mcepl, paul, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-30 15:27:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 473303    
Attachments:
Description Flags
debugging log of gajim
none
Build log of pyOpenSSL-0.7-7.fc12 none

Description Matěj Cepl 2009-09-03 05:10:46 UTC 
Created attachment 359616 [details]
debugging log of gajim

Description of problem:
gajim (my own rebuild of the upstream hg version, which used to work with previous versions of pyOpenSSL just fine) suddenly hangs on connecting to the server with the last messages being

20:07:00 (I) gajim.c.x.tls_nb Starting TLS estabilishing
20:07:00 (D) gajim.c.x.tls_nb _startSSL called
20:07:00 (D) gajim.c.x.tls_nb _startSSL_pyOpenSSL called
20:07:00 (D) gajim.c.x.tls_nb common.xmpp.tls_nb.PyOpenSSLWrapper.__init__ called with <Connection object at 0x355f470>
20:07:00 (D) gajim.c.x.tls_nb Initiating handshake...


Version-Release number of selected component (if applicable):
gajim-0.13-0.1.20090901hg.1.fc12.x86_64
pyOpenSSL-0.7-7.fc12.x86_64

How reproducible:
100%

Steps to Reproduce:
1.start gajim
2.
3.
  
Actual results:
starts connecting to the server, but never finishes

Expected results:
it should connect as it used to

Additional info:
Comment 1 Tomas Mraz 2009-09-03 07:37:03 UTC 
Created attachment 359634 [details]
Build log of pyOpenSSL-0.7-7.fc12

There are many strict aliasing warnings in the current build log. I'd try to compile it with -fno-strict-aliasing and if it helps preferably patch the code so the strict aliasing violations are avoided.
Comment 2 Matěj Cepl 2009-09-06 19:52:33 UTC 
(In reply to comment #1)
> Created an attachment (id=359634) [details]
> Build log of pyOpenSSL-0.7-7.fc12
> 
> There are many strict aliasing warnings in the current build log. I'd try to
> compile it with -fno-strict-aliasing and if it helps preferably patch the code
> so the strict aliasing violations are avoided.  

I did build packages with -fno-strict-aliasing (see http://mcepl.fedorapeople.org/rpms/) and it didn't help. The issue was very much the same.
Comment 3 Matěj Cepl 2009-09-29 15:42:19 UTC 
Paul, could you please upgrade pyOpenSSL, we have a very old one in fedora. The new one (in a very rough scratch build) builds here http://koji.fedoraproject.org/koji/taskinfo?taskID=1716275
Comment 4 Matěj Cepl 2009-09-29 16:38:56 UTC 
Upgraded in Rawhide (http://koji.fedoraproject.org/koji/taskinfo?taskID=1716798 -- yay, for fast Rawhide builds now!)
Comment 5 Matěj Cepl 2009-09-29 16:46:10 UTC 
Build for F-12, but cannot make a bodhi request
Comment 6 Josh Boyer 2009-09-30 12:08:01 UTC 
(In reply to comment #5)
> Build for F-12, but cannot make a bodhi request  

You don't need to make a bodhi request.  This will show up in rawhide already.
Comment 7 Matěj Cepl 2009-09-30 13:52:10 UTC 
(In reply to comment #6)
> (In reply to comment #5)
> > Build for F-12, but cannot make a bodhi request  
> 
> You don't need to make a bodhi request.  This will show up in rawhide already.  

F-12 is not a Rawhide anymore.
Comment 8 Josh Boyer 2009-09-30 14:46:53 UTC 
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Build for F-12, but cannot make a bodhi request  
> > 
> > You don't need to make a bodhi request.  This will show up in rawhide already.  
> 
> F-12 is not a Rawhide anymore.  

https://www.redhat.com/archives/fedora-devel-list/2009-September/msg01254.html

[jwboyer@hansolo packages]$ koji latest-pkg dist-f12 pyOpenSSL
Build                                     Tag                   Built by
----------------------------------------  --------------------  ----------------
pyOpenSSL-0.9-1.fc12                      dist-f12              mcepl
[jwboyer@hansolo packages]$ koji latest-pkg f12-beta pyOpenSSL
Build                                     Tag                   Built by
----------------------------------------  --------------------  ----------------
pyOpenSSL-0.9-1.fc12                      f12-beta              mcepl
[jwboyer@hansolo packages]$
Comment 9 Matěj Cepl 2009-09-30 15:27:43 UTC 
Awesome. Closing.
Comment 10 Matěj Cepl 2009-10-26 11:39:32 UTC 
Note, it works perfectly well with ejabberds, but not with openfires. There is something weird about their SSL implementation to make it not working with pyOpenSSL.